when people hear 3DS they usually think something about going to a movie and watching a new experience the 3DS secure Authentication Protocol is rather a way to help Merchants prevent fraud in this video we are going to review the 3DS Authentication Protocol what it is how it works and what it does to help prevent fraud [Music] hi I'm Sully perilla a manager here at Shuman and we're going to talk about the 3DS Authentication Protocol so 3DS applies to card not present transactions think about what you're doing when you make a transaction online or with your mobile phone this is you a good friend the nesting now when that transaction is made there are details about the transaction itself and metadata from your system or mobile phone which are going to be sent to this first step now let's take a pause here we've got the 3DS server the 3DS directory server and the access control server often managed by different organizations each of these has a separate function this system is going to make sure that the correct elements were collected as a part of that transaction these two systems are going to perform Mutual authentication between them so that when the data is exchanged this system trusts this one and vice versa this system is going to the directory server it's going to route your authentication to the correct issue because you've got to know who you're talking to here and then the access control server usually often referred to as the issuer domain this is the environment that the cardholder has a relationship with so let's put this together in a generalized transaction you want to purchase some new pants so that transaction goes in this is you at home on your mobile phone that data the metadata but the transaction including your card number is going to get sent to the 3DSs I hope you like acronyms there's more coming that data Mutual authentic Mutual authentication to the directory server it's going to say okay now that I've got the correct data I'm going to send you to this intermediary this intermediate organization is going to say are you a part of the 3DS Authentication Protocol the 3DS directory server is going to then route your data to the appropriate issuer everyone has a different issuer and so you want to make sure that that goes to the right place because they're the ones who are going to make risk decisions based upon that information so that information gets handled to the access control server the access control server often managed by the issuer button can be done by a third party is going to do essentially a risk analysis on this transaction looking at that metadata Where You Are what time of day it is maybe we're going to look a little deeper what uh how often you make online transactions what is the cost of that transaction regardless of how far we go down that rabbit hole the threat tolerance is going to be unique to the issuer when the risk tolerance is met meaning that they feel that it is not a risky transaction then data goes back to where you are confirming that transaction if however the access control server says I don't know if this really is who I think it is I'm going to send back a challenge that challenge is going to go all the way back to you at this point you will be able to enter a pin answer a question or whatever other authentication value you have established with your card issuer upon verification of that data the transaction will be complete and if it's not there the transaction fails helping to prevent fraud it is apparent that all of these data elements help prevent fraud for carb not present transactions there's a lot going on here there's a lot of data elements that are being handled there's a lot of secure Mutual authentication occurring between these data elements to protect the things that are essentially you do you have questions about 3DS how it works how it pertains to your organization or how your organization can benefit from the fraud prevention services with the 3DS Authentication Protocol reach out to us we'd love to answer those questions foreign [Music]